[gptalk] Re: Disabling Computer Accounts

  • From: neil@xxxxxxxxxxxxxxxx
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Thu, 25 Jan 2007 17:01:39 -0000 (GMT)

Darren,

Many thanks it had never occurred to me that I couldn't link a GPO to the
computer container - perhaps I should have tried first !!

Redircomp seems to be my solution to create a holding area as you
described and there's a user version as well (redirusr.exe)

Thanks a lot for the help :)

Neil


> Neil-
> First off, the Computers container is not an OU, so you can't link a GPO
> to
> it. You can only link it to the domain to effect those machines and then
> that GPO would apply to all computers unless you managed the security
> permissions around it. I think your better bet is to make sure that all
> new
> computer accounts added to the domain are sent to a particular OU. Server
> 2003 includes redircomp.exe that lets you change the default location that
> new computer accounts are sent to. You could then use a GPO linked to that
> "holding" OU to lock down those systems.
>
> Darren
>
> -----Original Message-----
> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
> Behalf Of neil@xxxxxxxxxxxxxxxx
> Sent: Thursday, January 25, 2007 8:04 AM
> To: gptalk@xxxxxxxxxxxxx
> Subject: [gptalk] Disabling Computer Accounts
>
> Hi all,
>
> Does anyone have any ideas on how best to achieve the following.
>
> I need to make a computer that is intially built into the domain -
> virtually unusable until it is placed in the correct OU.
>
> I had thought of applying a very restrictive GPO to the default computers
> OU which made it unusable but not quite sure which settings to apply and
> if there are any issues with doing this.
>
> It is bascially to stop people bypassing build procedures and policies and
> not putting the computer into the correct OU.
>
> Thanks for any thoughts :)
>
> Neil
> ***********************
> You can unsubscribe from gptalk by sending email to
> gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
> logging into the freelists.org Web interface. Archives for the list are
> available at http://www.freelists.org/archives/gptalk/
> ************************
>
> ***********************
> You can unsubscribe from gptalk by sending email to
> gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
> logging into the freelists.org Web interface. Archives for the list are
> available at http://www.freelists.org/archives/gptalk/
> ************************
>

***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/
************************

Other related posts: